No one of any consequence.
Zenbleed

This is a reminder to regularly review the "connected device" settings on your various accounts (cloud storage providers, password managers, iCloud, email accounts).
It's something that often gets forgotten when you upgrade your devices - the assumption being that once it leaves your possession it's no longer active.
This isn't always true - once it leaves your hands, where does it go? Who has access to it?
The more paranoid among us will of course reset/wipe devices before selling/gifting/tossing things, which helps, but depending on your threat model, may not be sufficient.

This is some tremendous research, and really well presented. I love it when researchers lay out their methodology and experiments like this.

https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

Oh, and also - given ssh-agent forwarding with openssh, there's a way for a hostile server to get RCE on the client. But really, there's so much in this piece that is fascinating and probably will be useful or lead to more interesting findings later - I highly recommend reading this.

Update: @defcon advice video is posted...

https://youtu.be/AsPeB6bc5ho

👍😁👍

Deviant's DEF CON Advice

It's refreshing to be somewhere that my timeline is just, and only, the posts of people I follow. All of them, in chronological order. Which honestly shouldn't be refreshing at all, it should be the way that things are.
This is something I've been trying to put my finger on for quite some time - algorithmically controlled media, tuned to bring engagement, in order to sell ads, is truly propagandistic. It centers a particular goal, and controls the narrative in order to bring one towards that goal. It doesn't matter if it's not political, or if you agree with it or not, if the aim is to get ads in front of the people most likely to react or intentionally sow discord - the mere act of using platforms where this is baked in makes us vulnerable to having our brains hijacked.
Alternatives aren't just nice. They're essential. Sure, in the fediverse, you can easily find an echo chamber if you want. But you won't be led by the nose into them, without consent. And that's a HUGE difference.
There is, but my client app doesn't expose it. Web interface does (Settings->Filters). Sweet.
I'm old enough to remember killfiles in rn, so proactive blocking is something I very much require. Is there a keyword-based way to do that in Mastodon?
Maybe two whole days on this platform and did my first proactive blocks! That's actually a good thing and it was easy to do.
Let's see. Is this thing on?